Topic: an encryption concept problem

Currently, I am a Year 11 student in Hong Kong. I am working on a console program in Pascal. I want to enable users to register and log in, which is where the problem comes up. I want to store the passwords in a txt file so that the file works as a database. However, I want to apply encryption to it to protect the passwords from being read by others who get access to it.

Suppose my folder only has a txt file for storing passwords and a Pascal file for the program.

Questions:

1. Should the password in the folder already be encrypted? If no, where should I store my encrypted password? If yes, how should I protect my Pascal file from being read by others to find out the algorithm used to encrypt the password?

2. I am trying to understand sha256. How should the component that I use to change a password be protected, as I still need to decrypt it again? The following is the example:

One of the passwords is "aaa". I want to encrypt it by adding 3 to its ASCII codes, which means it will become "ddd" after encryption. According to what I have learned, ddd should be stored, not aaa, but how can I return it to ddd? Also, if I use the opposite way of the encryption to decrypt it (ASCII code - 3), where should I put the algorithm then? Otherwise people will also know how to change it back, though...

But I guess I don't really understand sha256... haha, I messed up my programming skill, my programming knowledge and my life.

Explanation that worked for my ten year old daughter, so since you are eleven this should help:

sha256 is a one way hash. That means you can not get your password back... You can not decrypt it... If you dive into the water you get wet, but you can not un-dive from the water to get dry again...

But that does not mean you can not check if the password is correct: if you repeat the sha256 hash it should be the same value as the first one... So you do not need the actual password anymore. You need it only once and store the hash. If you use the password, hash it again and simply compare the hashes.

Think of it like: A password is a kind of question, but the hash is the only correct answer. As long as the answers are the same, you don't need the question anymore. In fact you don't need the question at all, only the answer, to know if somebody entered the right password. You don't even have to know what the question was... That's how sha256 works when used for passwords.

But of course there is also two way encryption. This is usually used for texts etc., not for passwords... (see Bart's link). With two way encryption you can get back the original text if you know the key. The simplest way to demonstrate that is like so:

begin
  writeln(ord('a') xor ord('b')); // this calculation gives us the key: 3 in this case
  writeln(char(ord('a') xor 3));  // this calculation gives us the original value of 'b' given our key of 3
end.

Note this is a very easy example to demonstrate a two way encryption. In real life you need something much more complex like AES which is also a two way encryption.

Summary:

A secure hash like sha256 can not be decrypted, but you can use a hash to verify another hash on the same password. One way encryption. You can repeat the calculation but not reverse it.

A two way encryption can get your password back, based on a key. You can reverse the calculation too.

In practice things are much more complex, but these are the basics.

« Last Edit: November 09, 2018, 09:40:25 pm by Thaddy »

inline variables like in D10.3 are a bit like Brexit: if you are given the wrong information it sounds like a good idea. Every kid loves candy, but it makes you fat and your teeth will disappear.
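
The store-the-hash, compare-the-hash login flow described in the reply above, as an added example that is not part of the original thread and is written in Python rather than Pascal. It goes one step beyond the reply by using a random per-user salt and PBKDF2-HMAC-SHA256 instead of a single bare SHA-256. The file format, function names and iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    # One-way: PBKDF2 built on SHA-256. There is no function that goes back.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def _load(path: str) -> dict:
    """Read 'user:iterations:salt_hex:hash_hex' lines from the text file."""
    users = {}
    if os.path.exists(path):
        with open(path, encoding="utf-8") as fh:
            for line in fh:
                parts = line.rstrip("\n").split(":")
                if len(parts) == 4:
                    users[parts[0]] = (int(parts[1]),
                                       bytes.fromhex(parts[2]),
                                       bytes.fromhex(parts[3]))
    return users


def register(path: str, user: str, password: str) -> bool:
    """Append a new user; only salt and hash are written, never the password."""
    if not user or ":" in user or "\n" in user or user in _load(path):
        return False
    salt = os.urandom(16)  # per-user salt: equal passwords give different hashes
    digest = _derive(password, salt, ITERATIONS)
    with open(path, "a", encoding="utf-8") as fh:
        fh.write(f"{user}:{ITERATIONS}:{salt.hex()}:{digest.hex()}\n")
    return True


def login(path: str, user: str, password: str) -> bool:
    """Hash the entered password again and compare the two hashes."""
    record = _load(path).get(user)
    if record is None:
        return False
    iterations, salt, stored = record
    # Constant-time comparison of the recomputed hash with the stored one.
    return hmac.compare_digest(_derive(password, salt, iterations), stored)
```

Anyone who reads the text file or the source code learns the salts and the algorithm but still has to guess each password, which is why the program file does not need to be hidden.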